Alberto Valverde wrote: > Gustavo Narea wrote: > >> Hello, >> >> Authorization-related messages are no longer flashed in TG2 trunk. Could >> this >> be related to the modifications to the flash() function lately? >> >> > > That's most probable since the flash payload is now passed in a cookie > and this cookie is lost somewhere in the middleware stack if the > response's status is a 401. This doesn't affect only flash but can > potentially affect any application using cookies. I've just comited a > FIXME test to prove it: > > http://trac.turbogears.org/changeset/6135 > > My guess is that repoze.who's RedirectFormPlugin is not copying the > cookies from the 401 response when traps it and redirects to the login > handler but I need to confirm it. Will try to that tomorrow. >
Confirmed. The following patch makes the test pass so it will probably fix the flash issue: Index: repoze/who/plugins/form.py =================================================================== --- repoze/who/plugins/form.py (revision 3293) +++ repoze/who/plugins/form.py (working copy) @@ -190,7 +190,8 @@ url_parts[4] = urllib.urlencode(query_elements, doseq=True) login_form_url = urlparse.urlunparse(url_parts) headers = [ ('Location', login_form_url) ] - headers = headers + forget_headers + cookies = [(h,v) for (h,v) in app_headers if h.lower() == 'set-cookie'] + headers = headers + forget_headers + cookies return HTTPFound(headers=headers) It's late here, I'll send a proper patch tomorrow to the repoze people tomorrow with a test case hopefully. Alberto P.S: Cc'ing them in case a kind soul wants to beat me to it while I'm asleep :) _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev